[libvirt] [PATCH[ nwfilter: Discard class D and E IP addresses when sniffing
Stefan Berger
stefanb at us.ibm.com
Fri Aug 13 20:03:41 UTC 2010
Eric Blake <eblake at redhat.com> wrote on 08/13/2010 03:56:12 PM:
> [image removed]
>
> On 08/13/2010 01:45 PM, Stefan Berger wrote:
> >>> - // skip eth. bcast and mcast addresses,
> >>> + // skip eth. bcast and mcast addresses
(224.0.0.0
> > -
> >>> + // 239.255.255.255), class E (255.*)
> >>> // and zero address in DHCP Requests
> >>> - if ((ntohl(vmaddr) & 0xc0000000) || vmaddr ==
0)
>
> > http://en.wikipedia.org/wiki/Classful_network
> >
> > Class D addresses have highest bits with pattern 1110 0000 -> 0xe0
> > Class E addresses have highest bits with pattern 1111 0000 -> 0xf0
> >
> > I think my masks are fine and the masking with 0xf0 00 00 00 should
also
> > include 254.* = 0xfe.* .
>
> In that case, the comments are wrong. Class E is more than 255.*, it is
> 240.0.0.0-255.255.255.255. And in that case, the bit operations can be
> simplified:
>
> if ((ntohl(vmaddr) & 0xc0000000) == 0xc0000000) || vmaddr == 0)
>
> In other words, the logic bug is that we were rejecting IP addresses
> that had 1 or 2, but not all three, of the top three bits set. The
> desired action is to reject IP packets if all three of the top bits are
> simultaneously set.
Right, the comment was not correct. I think the simplified if should be
if ((ntohl(vmaddr) & 0xe0000000) == 0xe0000000) || vmaddr == 0)
That then covers class D and E since this mask then covers 0xe0.00.00.00 -
0xff.ff.ff.ff = 225.0.0.0 - 255.255.255.255.
>
> Let's see a v2 that gets the comments right, and uses the simpler logic.
Coming soon.
Stefan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20100813/5a237f02/attachment-0001.htm>
More information about the libvir-list
mailing list